CVE-2022-27666

HIGH

Linux Kernel < 5.17 - Heap Buffer Overflow in IPsec ESP Transformation


Exploitation Summary

EIP tracks 3 public exploits for CVE-2022-27666. PoCs published by plummm, Albocoder, ngtuonghung.

AI-analyzed exploit summary: This is a functional local privilege escalation (LPE) exploit for CVE-2022-27666, targeting Ubuntu Desktop 21.10 and other Linux distributions. The exploit leverages a use-after-free vulnerability in the Linux kernel's netfilter subsystem to achieve root privileges.

Description

A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. This flaw allows a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation threat.

Exploits (3)

nomisec WORKING POC 205 stars
by plummm · poc
https://github.com/plummm/CVE-2022-27666

This is a functional local privilege escalation (LPE) exploit for CVE-2022-27666, targeting Ubuntu Desktop 21.10 and other Linux distributions. The exploit leverages a use-after-free vulnerability in the Linux kernel's netfilter subsystem to achieve root privileges.

Classification: Working PoC (95%)
Attack Type: LPE
Complexity: Complex
Reliability: Racy
Target: Linux Kernel (Ubuntu Desktop 21.10, Fedora, Debian)
Auth required
Prerequisites: Local access to the target system · Kernel version vulnerable to CVE-2022-27666
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC 2 stars
by Albocoder · poc
https://github.com/Albocoder/cve-2022-27666-exploits

This repository contains two exploitation methods for CVE-2022-27666, a Linux kernel vulnerability. The PoC leverages FUSE (Filesystem in Userspace) and message queue manipulation to achieve privilege escalation by exploiting a use-after-free or similar memory corruption flaw.

Classification: Working PoC (95%)
Attack Type: LPE
Complexity: Complex
Reliability: Racy
Target: Linux Kernel (specific versions affected by CVE-2022-27666)
No auth needed
Prerequisites: Linux kernel vulnerable to CVE-2022-27666 · Ability to compile and run C code on the target system · FUSE support enabled in the kernel
devstral-2 · analyzed Feb 16, 2026

nomisec STUB
by ngtuonghung · poc
https://github.com/ngtuonghung/CVE-2022-27666

The repository contains only a README.md file with the CVE identifier and no additional technical details or exploit code. It is a placeholder with minimal content.

Classification: Stub (100%)
Attack Type: Other
Complexity: Trivial
Reliability: Theoretical
Target: unknown
No auth needed
devstral-2 · analyzed Apr 10, 2026

References (5)

Core References
Issue Tracking, Patch, Third Party Advisory x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=2061633
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20220429-0001/
Third Party Advisory vendor-advisory x_refsource_debian
https://www.debian.org/security/2022/dsa-5127
Third Party Advisory vendor-advisory x_refsource_debian
https://www.debian.org/security/2022/dsa-5173

Scores

CVSS v3 7.8
EPSS 0.0453
EPSS Percentile 90.3%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE: CWE-787
Status: published
Products (17)
debian/debian_linux 9.0
debian/debian_linux 10.0
debian/debian_linux 11.0
fedoraproject/fedora 34
fedoraproject/fedora 35
linux/linux_kernel 5.17 (8 CPE variants)
linux/linux_kernel < 5.17
netapp/h300e_firmware
netapp/h300s_firmware
netapp/h410c_firmware
... and 7 more
Published Mar 23, 2022
Tracked Since Feb 18, 2026